Website Security

There has been a lot talk recently on various Scout related forums in regards to Unit websites and could they use one service or another. I would like to take a moment and use this post to talk from my professional side. I have been professionally building websites, administrating web servers, and consulting with businesses about their websites for over 15 years.

Here is what I want you to visualize, the building where you live. How can you secure against someone from entering that you don't want there? Do you lock the doors, close the windows, and lock the gates? Well someone breaks a window and gets in away, so now you add bars to the windows, and put a fence around the entire building. Someone digs under the fence... You add in a alarm system, sensors and cameras. Yet someone else manages to break in. Now you put in a mot, add a dog patrol and barb wire across the top of the fence. Yet the keep on coming.

This is exactly like what computer security is. All you can do is put up obstacles to slow them down and discourage a hacker. However, that will not stop them from breaking in. A while back someone hacked Microsoft and stole the code to Windows 98 I think it was. About once a year we hear of someone hacking into Paypal or some bank to steal credit card info. Big companies can not stop it, so why do you think having a password protected section on your site will stop them. The companies getting hacked have far better and more complicated security measures in place. All it gives you a fake sense of security.

What I teach people. If you put online the minute it hits the server assume everyone you don't want to have it now has it. Maybe its your social security number, or maybe its your sons name, photo, school name, address and phone number. Maybe you were lucky and it was only a spammer who took it, but what if it was a pedophile?

The purpose of this post is to get you to stop and think. Not to scare you into not having a site or changing the way you do everything. Stop and think about what you are putting it online, what would happen if a hacker or worse got a hold of that information? Are the risks worth it? If not what will you change to to reduce the risk?